Cybersecurity News


Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
01 September 2021

LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files

LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.
01 September 2021

BEC Scammers Seek Native English Speakers on Underground

BEC Scammers Seek Native English Speakers on Underground Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams.
01 September 2021

Feds Warn of Ransomware Attacks Ahead of Labor Day

Feds Warn of Ransomware Attacks Ahead of Labor Day Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations.
01 September 2021

This is why the Mozi botnet will linger on

The botnet continues to haunt IoT devices, and likely will for some time to come.
01 September 2021

Cream Finance platform pilfered for over $34 million in cryptocurrency

The project has promised to cover losses suffered by its users.
01 September 2021

Scam artists are recruiting English speakers for business email campaigns

Finding fluent speakers is becoming important to criminals conducting business-based attacks.
01 September 2021

Fortress Home Security Open to Remote Disarmament

Fortress Home Security Open to Remote Disarmament A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring.
31 August 2021

Cream Finance DeFi Platform Rooked For $29M

Cream Finance DeFi Platform Rooked For $29M Cream is latest DeFi platform to get fleeced in rash of attacks.
31 August 2021

Proxyware Services Open Orgs to Abuse – Report

Proxyware Services Open Orgs to Abuse – Report Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
31 August 2021

Flaw in the Quebec vaccine passport: analysis

ESET's cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec's vaccine proof apps VaxiCode and VaxiCode Verif.

The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity

31 August 2021

Faille dans la preuve vaccinale Québécoise : analyse

Les chercheurs d’ESET expliquent les détails d’une faille découverte dans VaxiCode Vérif, l’application mobile permettant la vérification des preuves vaccinales québécoise

The post Faille dans la preuve vaccinale Québécoise : analyse appeared first on WeLiveSecurity

31 August 2021

Back-to-Basics: Think Before You Click

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on thinking before you click.

31 August 2021

Don’t use single‑factor authentication, warns CISA

The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods

The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity

31 August 2021

WooCommerce Pricing Plugin Allows Malicious Code-Injection

WooCommerce Pricing Plugin Allows Malicious Code-Injection The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
31 August 2021

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.
31 August 2021

Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers

Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
31 August 2021

Cyberattackers are now quietly selling off their victim's internet bandwidth

Proxyware is yet another way for criminals to generate revenue from their victims.
31 August 2021

Initial Access Broker use, stolen account sales spike in cloud service cyberattacks

Current trends also include the abuse of Docker images.
31 August 2021

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
31 August 2021